A kind of collaboration endorsement method and device for supporting credible display
阅读说明:本技术 一种支持可信显示的协同签名方法和装置 (A kind of collaboration endorsement method and device for supporting credible display ) 是由 韩留明 王庆芝 于 2019-07-19 设计创作,主要内容包括:本发明公开了一种支持可信显示的协同签名方法和装置,该方法包括以下步骤:1)签名参数初始化,产生整个签名过程中所需的公开参数;2)调用方和协同方生成秘钥;3)调用方和协同方合作生成公钥;4)生成签名。本发明方案保证仅在用户确认待签名消息正确性后,才会生成完整的数字签名;同时保证协同方数据丢失时,由于其缺乏存储在调用方的子私钥,攻击者无法利用协同方生成完整的数字签名。(The invention discloses a kind of collaboration endorsement methods and device for supporting credible display, method includes the following steps: 1) signature parameter initializes, generate and disclose parameter needed for entire signature process;2) called side and collaborative party generate code key;3) called side and collaborative party cooperation generate public key;4) signature is generated.The present invention program guarantee only after user confirms message correctness to be signed, can just generate complete digital signature;When guaranteeing collaborative party loss of data simultaneously, since its shortage is stored in the sub- private key of called side, attacker can not generate complete digital signature using collaborative party.)
1. a kind of collaboration endorsement method for supporting credible display, participant includes called side and collaborative party, which is characterized in that including Following steps:
1) signature parameter initializes
It generates and discloses parameter needed for entire signature process;The parameter includes: the elliptic curve relevant parameter of SM2 algorithm (q, Fq, n, G), cryptographic Hash function Hash ();
Wherein, q is Big prime, FqFor the finite field comprising q element, n is prime number, and G is a basic point of elliptic curve, rank For n;
2) called side and collaborative party generate code key
Called side obtains private key D1, collaborative party acquisition private key D2;D1、D2For two random numbers between [1, n-1];
3) called side and collaborative party cooperation generate public key
3.1) called side calculates D1In FqOn inverse element D1 -1Mod n, and calculate P1=D1 -1[*] G, by calculated result P1With user's body Part information is sent to collaborative party, and initiates collaboration and generate public key request;Wherein, mod indicates modulus operation, and [*] indicates oval bent Line point multiplication operation;
3.2) collaborative party receives and stores subscriber identity information, and calculates P=D2 -1[*]P1[-] G, using calculated result P as public key Storage is used for following digital signature calculation;
Collaborative party calculates D2In FqOn inverse element D2 -1Mod n, and calculate P2=D2 -1[*] G, by calculated result P2Return to calling Side, wherein mod indicates modulus operation, and [*] indicates elliptic curve point multiplication operation, and [-] indicates that elliptic curve point subtracts operation;
3.3) called side calculates W1=D1 -1[*]P2, store calculated result W1, then called side calculates P=W1[-] G is tied calculating Fruit P is disclosed as public key, and [*] indicates elliptic curve point multiplication operation, and [-] indicates that elliptic curve point subtracts operation;
4) signature is generated
4.1) called side is according to sub- private key D1Generate first part signature Q1, and by message M and Q to be signed1It is sent to collaborative party;
4.2) collaborative party credibly shows message M to be signed, after user's checking message is errorless, is generated according to message M to be signed The eap-message digest e of message M to be signed generates second part signature r according to Q1 and e, and according to D2Generate Part III signature s2, By r and s2Return to called side;
4.3) called side generates full signature according to D1, r and s2 and returns to digital signature request side.
2. the collaboration endorsement method according to claim 1 for supporting credible display, which is characterized in that in the step 4.1) Called side is according to sub- private key D1Generate first part signature Q1Process it is as follows: called side is treated signature information M and is counted receiving When the request of word signature, a random number k between [1, n-1] is generated1, and calculate k1[*]W1, using calculated result as Q1;Wherein, [*] indicates elliptic curve point multiplication operation.
3. the collaboration endorsement method according to claim 1 for supporting credible display, which is characterized in that in the step 4.2) Pass through the body that local secure storage private key owner's identity information verifies user before credibly showing message M to be signed in collaborative party Part.
4. the collaboration endorsement method according to claim 1 for supporting credible display, which is characterized in that in the step 4.2) The process that collaborative party generates the eap-message digest e of message M to be signed is as follows: Z and M are spliced to form M' by collaborative party, and calculate Hash (M'), using calculated result as e;Wherein, Z indicates private key owner identity, and Hash () indicates preset cryptographic Hash letter Number.
5. the collaboration endorsement method according to claim 1 for supporting credible display, which is characterized in that in the step 4.2) The process for generating second part signature r according to Q1 and e is as follows:
Collaborative party generates a random number k between [1, n-1]2, and calculate k2[*]G[+]Q1, obtain calculated result (x1, y1), and calculate r=x1+ e mod n signs calculated result r as second part;If r is equal to 0, collaborative party is regenerated k2, and (x is calculated again1, y1) and r, until r is not equal to 0;Wherein, [*] indicates elliptic curve point multiplication operation, [+] Indicate that elliptic curve point add operation, mod indicate modulus operation.
6. the collaboration endorsement method according to claim 1 for supporting credible display, which is characterized in that in the step 4.2) According to D2Generate Part III signature s2, using following formula:
s2=D2*(r+k2)mod n。
7. the collaboration endorsement method according to claim 1 for supporting credible display, which is characterized in that in the step 4.3) Called side is according to D1, r and s2It generates full signature (r, s), wherein s=k1+D1*s2-r mod n。
8. a kind of collaboration signature apparatus for supporting credible display, participant includes called side and collaborative party, which is characterized in that packet It includes:
Signature parameter initialization module discloses parameter needed for entire signature process for generating;The parameter includes: SM2 Elliptic curve relevant parameter (q, the F of algorithmq, n, G), cryptographic Hash function Hash ();
Wherein, q is Big prime, FqFor the finite field comprising q element, n is prime number, and G is a basic point of elliptic curve, rank For n;
Key production module generates key for called side and collaborative party;Called side obtains private key D1, collaborative party acquisition private key D2; D1、D2For two random numbers between [1, n-1];
Public key generation module generates public key for called side and collaborative party cooperation, specific as follows:
1) called side calculates D1In FqOn inverse element D1 -1Mod n, and calculate P1=D1 -1[*] G, by calculated result P1And user identity Information is sent to collaborative party, and initiates collaboration and generate public key request;Wherein, mod indicates modulus operation, and [*] indicates elliptic curve Point multiplication operation.
2) collaborative party receives and stores subscriber identity information, and calculates P=D2 -1[*]P1[-] G is deposited using calculated result P as public key Storage is used for following digital signature calculation;
Collaborative party calculates D2In FqOn inverse element D2 -1Mod n, and calculate P2=D2 -1[*] G, by calculated result P2Return to calling Side, wherein mod indicates modulus operation, and [*] indicates elliptic curve point multiplication operation, and [-] indicates that elliptic curve point subtracts operation;
3) called side calculates W1=D1 -1[*]P2, store calculated result W1, then called side calculates P=W1[-] G, by calculated result P It is disclosed as public key, [*] indicates elliptic curve point multiplication operation, and [-] indicates that elliptic curve point subtracts operation;
Signature generation module, for generating the full signature of message M to be signed;It is specific as follows:
1) called side is according to sub- private key D1Generate first part signature Q1, and by message M and Q to be signed1It is sent to collaborative party;It adjusts With root according to sub- private key D1Generate first part signature Q1Process it is as follows: called side receive treat signature information M carry out number When the request of signature, a random number k between [1, n-1] is generated1, and calculate k1[*]W1, using calculated result as Q1; Wherein, [*] indicates elliptic curve point multiplication operation
2) collaborative party credibly shows message M to be signed, after user's checking message is errorless, according to message M to be signed generate to The eap-message digest e of signature information M generates second part signature r according to Q1 and e, and according to D2Generate Part III signature s2, by r And s2Return to called side;
Wherein, collaborative party generate the eap-message digest e of message M to be signed process it is as follows: Z and M are spliced to form M' by collaborative party, and It calculates Hash (M'), using calculated result as e;Wherein, Z indicates private key owner identity, and Hash () indicates preset close Code hash function;
The process for generating second part signature r according to Q1 and e is as follows:
Collaborative party generates a random number k between [1, n-1]2, and calculate k2[*]G[+]Q1, obtain calculated result (x1, y1), and calculate r=x1+ e mod n signs calculated result r as second part;If r is equal to 0, collaborative party is regenerated k2, and (x is calculated again1, y1) and r, until r is not equal to 0;Wherein, [*] indicates elliptic curve point multiplication operation, [+] Indicate that elliptic curve point add operation, mod indicate modulus operation;
According to D2Generate Part III signature s2, using following formula:
s2=D2*(r+k2)mod n;
3) called side is according to D1, r and s2It generates full signature (r, s), wherein s=k1+D1*s2- r mod n, and (r, s) is returned Back to digital signature request side.
Technical field
The present invention relates to cryptological technique more particularly to a kind of collaboration endorsement methods and device for supporting credible display.
Background technique
Digital signature device is widely used in the scenes such as e-commerce, E-Government, for providing digital signature, identity The functions such as certification.
Currently, private key information is stored in digital signature device, to avoid digital signature device in the unwitting situation of user Under to mistake message be digitally signed, the prior art propose: called side according to digital signature request side send wait sign When name information initiates digital signature request, information to be signed is shown to user, in user's confirmation information correctness to be signed, is tested After the PIN code for demonstrate,proving user, completes digital signature and return to digital signature request side.But in this method, if digital signature is set Standby to lose or be stolen, attacker is able to use the equipment complete independently digital signature, to make after grasping user's PIN code At personal or enterprise loss.
In order to overcome the problems referred above, the prior art propose: called side to digital signature device initiate digital signature request or When digital signature result is returned to digital signature request side, user can be verified by way of short message verification code or password Identity information.But the access control is completed at called side, attacker can call the side such as equation by distorting Formula bypasses the limitation, completes complete digital signature.
Summary of the invention
The technical problem to be solved in the present invention is that for the defects in the prior art, provides and a kind of support credible display Cooperate with endorsement method and device.
The technical solution adopted by the present invention to solve the technical problems is: a kind of collaboration signer for supporting credible display Method, participant include called side and collaborative party, comprising the following steps:
1) signature parameter initializes
It generates and discloses parameter needed for entire signature process;The parameter includes: the elliptic curve correlation ginseng of SM2 algorithm Number (q, Fq, n, G), cryptographic Hash function Hash ();
Wherein, q is Big prime, FqFor the finite field comprising q element, n is prime number, and G is a basic point of elliptic curve, Its rank is n;
2) called side and collaborative party generate code key
Called side obtains private key D1, collaborative party acquisition private key D2;D1、D2For two random numbers between [1, n-1];
3) called side and collaborative party cooperation generate public key
3.1) called side calculates D1In FqOn inverse element D1 -1Mod n, and calculate P1=D1 -1[*] G, by calculated result P1With Subscriber identity information is sent to collaborative party, and initiates collaboration and generate public key request;Wherein, mod indicates modulus operation, and [*] is indicated Elliptic curve point multiplication operation.
3.2) collaborative party receives and stores subscriber identity information, and calculates P=D2 -1[*]P1[-] G makees calculated result P Following digital signature calculation is used for for public key storage;
Collaborative party calculates D2In FqOn inverse element D2 -1Mod n, and calculate P2=D2 -1[*] G, by calculated result P2It returns to Called side, wherein mod indicates modulus operation, and [*] indicates elliptic curve point multiplication operation, and [-] indicates that elliptic curve point subtracts operation;
3.3) called side calculates W1=D1 -1[*]P2, store calculated result W1, then called side calculates P=W1[-] G will be counted It calculates result P to disclose as public key, [*] indicates elliptic curve point multiplication operation, and [-] indicates that elliptic curve point subtracts operation;
4) signature is generated
4.1) called side is according to sub- private key D1Generate first part signature Q1, and by message M and Q to be signed1It is sent to collaboration Side;
4.2) collaborative party credibly shows message M to be signed, after user's checking message is errorless, according to message M to be signed The eap-message digest e for generating message M to be signed generates second part signature r according to Q1 and e, and according to D2Generate Part III label Name s2, by r and s2Return to called side;
4.3) called side generates full signature according to D1, r and s2 and returns to digital signature request side.
According to the above scheme, in the step 4.1) called side according to sub- private key D1Generate first part signature Q1Process such as Under: called side receive treat request that signature information M is digitally signed when, generate one between [1, n-1] with Machine number k1, and calculate k1[*]W1, using calculated result as Q1;Wherein, [*] indicates elliptic curve point multiplication operation.
According to the above scheme, pass through local security before credibly showing message M to be signed in collaborative party in the step 4.2) Store the identity of private key owner identity information verifying user.
According to the above scheme, the process for the eap-message digest e that collaborative party generates message M to be signed in the step 4.2) is as follows: Z and M are spliced to form M' by collaborative party, and calculate Hash (M'), using calculated result as e;Wherein, Z indicates private key owner body Part mark, Hash () indicate preset cryptographic Hash function.
According to the above scheme, the process for generating second part signature r according to Q1 and e in the step 4.2) is as follows:
Collaborative party generates a random number k between [1, n-1]2, and calculate k2[*]G[+]Q1, obtain calculated result (x1, y1), and calculate r=x1+ e mod n signs calculated result r as second part;If r is equal to 0, collaborative party is again Generate k2, and (x is calculated again1, y1) and r, until r is not equal to 0;Wherein, [*] indicates elliptic curve point multiplication operation, Indicate that elliptic curve point add operation, mod indicate modulus operation [+].
According to the above scheme, according to D in the step 4.2)2Generate Part III signature s2, using following formula:
s2=D2*(r+k2)mod n。
According to the above scheme, in the step 4.3) called side according to D1, r and s2It generates full signature (r, s), wherein s= k1+D1*s2-r mod n。
A kind of collaboration signature apparatus for supporting credible display, participant includes called side and collaborative party, comprising:
Signature parameter initialization module discloses parameter needed for entire signature process for generating;The parameter includes: Elliptic curve relevant parameter (q, the F of SM2 algorithmq, n, G), cryptographic Hash function Hash ();
Wherein, q is Big prime, FqFor the finite field comprising q element, n is prime number, and G is a basic point of elliptic curve, Its rank is n;
Key production module generates key for called side and collaborative party;Called side obtains private key D1, collaborative party obtains private Key D2;D1、D2For two random numbers between [1, n-1];
Public key generation module generates public key for called side and collaborative party cooperation, specific as follows:
1) called side calculates D1In FqOn inverse element D1 -1Mod n, and calculate P1=D1 -1[*] G, by calculated result P1With with Family identity information is sent to collaborative party, and initiates collaboration and generate public key request;Wherein, mod indicates modulus operation, and [*] indicates ellipse Circular curve point multiplication operation.
2) collaborative party receives and stores subscriber identity information, and calculates P=D2 -1[*]P1[-] G, using calculated result P as Public key storage is used for following digital signature calculation;
Collaborative party calculates D2In FqOn inverse element D2 -1Mod n, and calculate P2=D2 -1[*] G, by calculated result P2It returns to Called side, wherein mod indicates modulus operation, and [*] indicates elliptic curve point multiplication operation, and [-] indicates that elliptic curve point subtracts operation;
3) called side calculates W1=D1 -1[*]P2, store calculated result W1, then called side calculates P=W1[-] G will be calculated As a result P is disclosed as public key, and [*] indicates elliptic curve point multiplication operation, and [-] indicates that elliptic curve point subtracts operation;
Signature generation module, for generating the full signature of message M to be signed;It is specific as follows:
1) called side is according to sub- private key D1Generate first part signature Q1, and by message M and Q to be signed1It is sent to collaboration Side;Called side is according to sub- private key D1Generate first part signature Q1Process it is as follows: called side receive treat signature information M into When the request of row digital signature, a random number k between [1, n-1] is generated1, and calculate k1[*]W1, by calculated result As Q1;Wherein, [*] indicates elliptic curve point multiplication operation
2) collaborative party credibly shows message M to be signed, raw according to message M to be signed after user's checking message is errorless At the eap-message digest e of message M to be signed, second part signature r is generated according to Q1 and e, and according to D2Generate Part III signature s2, by r and s2Return to called side;
Wherein, collaborative party generate the eap-message digest e of message M to be signed process it is as follows: Z and M are spliced to form by collaborative party M', and Hash (M') is calculated, using calculated result as e;Wherein, Z indicates private key owner identity, and Hash () indicates pre- If cryptographic Hash function;
According to Q1The process for generating second part signature r with e is as follows:
Collaborative party generates a random number k between [1, n-1]2, and calculate k2[*]G[+]Q1, obtain calculated result (x1, y1), and calculate r=x1+ e mod n signs calculated result r as second part;If r is equal to 0, collaborative party is again Generate k2, and (x is calculated again1, y1) and r, until r is not equal to 0;Wherein, [*] indicates elliptic curve point multiplication operation, Indicate that elliptic curve point add operation, mod indicate modulus operation [+];
According to D2Generate Part III signature s2, using following formula:
s2=D2*(r+k2)mod n;
3) called side generates full signature (r, s) according to D1, r and s2, wherein s=k1+D1*s2- r mod n, and will (r, S) digital signature request side is returned to.
The beneficial effect comprise that: in the method for the present invention, called side and collaborative party difference storage section private key letter Breath, either party can not obtain complete private key information;When collaborative party (or collaboration signature device) is lost, attacker still can not structure Make complete digital signature information.Moreover, collaborative party (or collaboration signature device) is credibly shown before the signature for carrying out information Message to be signed just will use at the sub- private key information completion of storage after the correctness that user explicitly confirms signature information Reason.Therefore, in the present solution, when being digitally signed to message, user is able to confirm that the correctness of message to be signed, and guarantees When collaborative party (or collaboration signature device) is lost, attacker can not still construct complete digital signature, improve digital signature Reliability.
Detailed description of the invention
Present invention will be further explained below with reference to the attached drawings and examples, in attached drawing:
Fig. 1 is the method flow diagram of the embodiment of the present invention;
Fig. 2 is the called side of the embodiment of the present invention and the process schematic of collaborative party cooperation generation public key;
Fig. 3 be the embodiment of the present invention called side and collaborative party generate message M to be signed full signature process signal Figure.
Specific embodiment
In order to make the objectives, technical solutions, and advantages of the present invention clearer, with reference to embodiments, to the present invention It is further elaborated.It should be appreciated that described herein, specific examples are only used to explain the present invention, is not used to limit The fixed present invention.
As shown in Figure 1, a kind of collaboration endorsement method for supporting credible display, comprising the following steps:
Step 11: sub- private key D is stored in called side1, the sub- private key D of secure storage in collaborative party2;
Step 12: called side is according to sub- private key D1Generate first part signature Q1, and by message M and Q to be signed1It is sent to Collaborative party;
Step 13: collaborative party credibly shows message M to be signed, after user's checking message is errorless, generates to be signed disappear The eap-message digest e for ceasing M, according to Q1Second part signature r is generated with e, and according to D2Generate Part III signature s2, by r and s2It returns Back to called side;
Step 14: called side is according to D1, r and s2It generates full signature and returns to digital signature request side;
By process shown in step 12~14, that is, produce the full signature of message M to be signed.
Called side and collaborative party share the elliptic curve parameter E (F of SM2 algorithmq), G and n, elliptic curve E be to be defined on Confinement FqOn elliptic curve, G is the basic point of n rank on elliptic curve E, and specific value of each parameter etc. is pre- all in accordance with SM2 algorithm First set.
D1And D2It can voluntarily be generated by called side and collaborative party, D1And D2It can also be passed to safely respectively by trusted third party Called side and collaborative party.Wherein, D1、D2For two random numbers between [1, n-1].
Then mutual cooperation generates public key P, and correspondingly, Fig. 2 is that called side of the present invention and collaborative party cooperation generate public key Process schematic, as shown in Fig. 2, including the following steps;
Step 21: called side calculates D1In FqOn inverse element D1 -1Mod n, and calculate D1 -1[*] G, by calculated result P1With with Family identity information is sent to collaborative party, and initiates collaboration and generate public key request, wherein mod indicates modulus operation, and [*] indicates ellipse Circular curve point multiplication operation.
Step 22: collaborative party stores subscriber identity information, and calculates D2 -1[*]P1[-] G, using calculated result P as public key Storage is used for following digital signature calculation;Calculate D2In FqOn inverse element D2 -1Mod n, and calculate D2 -1[*] G, by calculated result P2 Return to called side, wherein mod indicates modulus operation, and [*] indicates elliptic curve point multiplication operation, and [-] indicates that elliptic curve point subtracts Operation.
Step 23: called side calculates D1 -1[*]P2[-] G is disclosed using calculated result P as public key, and [*] indicates elliptic curve Point multiplication operation, [-] indicate that elliptic curve point subtracts operation.
Step 24: called side calculates D1 -1[*]P2, store calculated result W1, it is used for following digital signature calculation.
It should be noted that the representation of above-mentioned steps 21~24 is by way of example only, it is not limited to each step Execute sequence, in practical applications, can set each step according to actual needs executes sequence, as long as can finally obtain institute The result needed, it is same in the subsequent each schematic diagram being related to, it repeats no more.
Fig. 3 is the process schematic for the full signature that called side of the present invention generates message M to be signed with collaboration signature device, As shown in figure 3, including the following steps 31~310.
Step 31: called side receive treat request that signature information M is digitally signed when, generate one be located at [1, N-1] between random number k1, and calculate k1[*]W1, using calculated result as Q1.Wherein, [*] indicates elliptic curve dot product fortune It calculates.
Step 32: called side is by Q1Collaborative party is sent to as parameter with message M to be signed.
Step 33: secure storage private key owner's identity information in collaborative party;It passes through PIN before carrying out signature calculation The modes such as code, biological characteristic verify the identity of user.Only after subscriber authentication passes through, continue with;Otherwise it reports an error and ties Beam processing.
Step 34: only after subscriber authentication passes through, collaborative party credibly shows message M to be signed.
Step 35: key or by way of clicking screen, selection carries out collaboration signature or cancels collaboration signature user.Only When user agrees to sign, continue following processing step;Otherwise error message is returned, and ends processing process.
Step 36: Z and M are spliced to form M' by collaborative party, and calculate Hash (M'), using calculated result as e.Wherein, Z table Show private key owner's identity, Hash () indicates scheduled cryptographic Hash function.
Step 37: collaborative party generates a random number k between [1, n-1]2, and calculate k2[*]G[+]Q1, obtain Calculated result (x1, y1), and calculate x1+ e mod n, using calculated result as r.If r is not equal to 0,38 are thened follow the steps;If r etc. In 0, then second communication party can regenerate k2, and (x is calculated again1, y1) and r, until r is not equal to 0.Wherein, [*] indicates elliptic curve point multiplication operation, and [+] indicates that elliptic curve point add operation, mod indicate modulus operation.
Step 38: collaborative party calculates D2*(r+k2) mod n, using calculated result as s2, by r and s2Return to called side.
Step 39: called side calculates k1+D1*s2- r mod n, obtains calculated result s, wherein mod indicates modulus operation.
Step 310: if s is not equal to 0 and is not equal to n-r, (r, s) is returned to digital label as full signature by called side Name requesting party.
Based on the above method, a kind of collaboration signature apparatus for supporting credible display can be obtained, participant includes called side And collaborative party, comprising:
Signature parameter initialization module discloses parameter needed for entire signature process for generating;The parameter includes: Elliptic curve relevant parameter (q, the F of SM2 algorithmq, n, G), cryptographic Hash function Hash ();
Wherein, q is Big prime, FqFor the finite field comprising q element, n is prime number, and G is a basic point of elliptic curve, Its rank is n;
Key production module generates key for called side and collaborative party;Called side obtains private key D1, collaborative party obtains private Key D2;D1、D2For two random numbers between [1, n-1];
Public key generation module generates public key for called side and collaborative party cooperation, specific as follows:
1) called side calculates D1In FqOn inverse element D1 -1Mod n, and calculate P1=D1 -1[*] G, by calculated result P1With with Family identity information is sent to collaborative party, and initiates collaboration and generate public key request;Wherein, mod indicates modulus operation, and [*] indicates ellipse Circular curve point multiplication operation.
2) collaborative party receives and stores subscriber identity information, and calculates P=D2 -1[*]P1[-] G, using calculated result P as Public key storage is used for following digital signature calculation;
Collaborative party calculates D2In FqOn inverse element D2 -1Mod n, and calculate P2=D2 -1[*] G, by calculated result P2It returns to Called side, wherein mod indicates modulus operation, and [*] indicates elliptic curve point multiplication operation, and [-] indicates that elliptic curve point subtracts operation;
3) called side calculates W1=D1 -1[*]P2, store calculated result W1, then called side calculates P=W1[-] G will be calculated As a result P is disclosed as public key, and [*] indicates elliptic curve point multiplication operation, and [-] indicates that elliptic curve point subtracts operation;
Signature generation module, for generating the full signature of message M to be signed;It is specific as follows:
1) called side is according to sub- private key D1Generate first part signature Q1, and by message M and Q to be signed1It is sent to collaboration Side;Called side is according to sub- private key D1Generate first part signature Q1Process it is as follows: called side receive treat signature information M into When the request of row digital signature, a random number k between [1, n-1] is generated1, and calculate k1[*]W1, by calculated result As Q1;Wherein, [*] indicates elliptic curve point multiplication operation
2) collaborative party credibly shows message M to be signed, raw according to message M to be signed after user's checking message is errorless At the eap-message digest e of message M to be signed, second part signature r is generated according to Q1 and e, and according to D2Generate Part III signature s2, by r and s2Return to called side;
Wherein, collaborative party generate the eap-message digest e of message M to be signed process it is as follows: Z and M are spliced to form by collaborative party M', and Hash (M') is calculated, using calculated result as e;Wherein, Z indicates private key owner identity, and Hash () indicates pre- If cryptographic Hash function;
According to Q1The process for generating second part signature r with e is as follows:
Collaborative party generates a random number k between [1, n-1]2, and calculate k2[*]G[+]Q1, obtain calculated result (x1, y1), and calculate r=x1+ e mod n signs calculated result r as second part;If r is equal to 0, collaborative party is again Generate k2, and (x is calculated again1, y1) and r, until r is not equal to 0;Wherein, [*] indicates elliptic curve point multiplication operation, Indicate that elliptic curve point add operation, mod indicate modulus operation [+];
According to D2Generate Part III signature s2, using following formula:
s2=D2*(r+k2)mod n;
3) called side is according to D1, r and s2 generate full signature (r, s), wherein s=k1+D1*s2- r mod n, and will (r, S) digital signature request side is returned to.
Based on the above method, the invention also discloses a kind of collaboration signature devices for supporting credible display.
A kind of collaboration signature device for supporting credible display, comprising:
Signature device is cooperateed with to produce the simultaneously sub- private key D2 of secure storage itself and corresponding sub- public key P2;
Collaboration signature device can also be distributed sub- private key D2, secure storage D2 and corresponding sub- public key P2 by trusted third party;
Message M and first part's signature to be signed in the collaboration signature request that collaboration signature device is sent according to called side Q1 credibly shows message M to be signed;After user's checking message is errorless, the eap-message digest e of message M to be signed is generated, according to Q1 and e generates second part signature r;And Part III signature s2 is generated according to D2;R and s2 are returned into called side, so that adjusting Complete digital signature can be constructed with side.
Wherein,
Signature device and called side is cooperateed with to share elliptic curve parameter E (Fq), G and the n of SM2 algorithm, elliptic curve E is fixed Elliptic curve of the justice on finite field Fq, G are the basic point of n rank on elliptic curve E.
Receive called side initiation collaboration generate public key request when, collaboration signature device from [1, n-1] select one with Machine number D2 calculates inverse element D2 of the D2 on Fq-1Mod n calculates D2-1Simultaneously calculated result P2 returns to called side to [*] G.Wherein, Mod indicates modulus operation, and [*] indicates elliptic curve point multiplication operation.
Specifically,
When receiving the collaboration signature request of called side initiation, collaboration signature device analysis request obtains message to be signed M and first part signature Q1.
It cooperates with signature device according to the subscriber identity information of storage, the identity of user is verified before carrying out signature calculation, is tested The mode for demonstrate,proving user identity includes but is not limited to PIN code, biological characteristic etc..
Collaboration signature device credibly shows message M to be signed;Allow users to through key or click the side of screen Formula, selection carry out collaboration signature or cancel collaboration signature.
Only when user agrees to carry out collaboration signature, cooperate with signature device that Z and M are spliced to form M', and calculate Hash (M'), using calculated result as e, wherein Z indicates private key owner identity, and Hash () indicates scheduled cryptographic Hash letter Number.
It cooperates with signature device to generate a random number k 2 between [1, n-1], and calculates k2 [*] G [+] Q1, obtain Calculated result (x1, y1), and x1+e mod n is calculated, using calculated result as r, wherein [*] indicates elliptic curve dot product fortune It calculates, [+] indicates that elliptic curve point add operation, mod indicate modulus operation.
If r is not equal to 0, signature device is cooperateed with to calculate D2* (r+k2) mod n, using calculated result as s2;By r and s2 Called side is returned to, called side is enabled to construct complete digital signature.
In addition,
Called side and collaboration signature device can be directly connected to interact by way of the physical connections such as USB;Pass through Wirelessly, the mode of the non-physical connections such as bluetooth, Near Field Communication (NFC) directly interacts;It can also borrow The mode for helping third party entity to forward completes information exchange.
It should be understood that for those of ordinary skills, it can be modified or changed according to the above description, And all these modifications and variations should all belong to the protection domain of appended claims of the present invention.
- 上一篇:一种医用注射器针头装配设备
- 下一篇:一种生成随机密码的数字电路